CVE Catalog

CVE-2026-23884

CriticalCVSS 9.8
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.40%

32th percentile - higher than 32% of all known CVEs

Summary

In FreeRDP prior to version 3.21.0, offscreen bitmap deletion leaves `gdi->drawing` pointing to freed memory, causing a use-after-free (UAF) when related update packets arrive. A malicious server can trigger a client-side use after free, causing a crash (DoS) and potential heap corruption with code-execution risk depending on allocator behavior and surrounding heap layout.

Risk Assessment

The risk includes client RDP crash and potential remote code execution, which could lead to compromise of confidentiality and integrity of the client system.

Recommendation

Immediately update FreeRDP to version 3.21.0 or later, which contains a fix for the vulnerability.

Original NVD description (English source)

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.21.0, offscreen bitmap deletion leaves `gdi->drawing` pointing to freed memory, causing UAF when related update packets arrive. A malicious server can trigger a client‑side use after free, causing a crash (DoS) and potential heap corruption with code‑execution risk depending on allocator behavior and surrounding heap layout. Version 3.21.0 contains a patch for the issue.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS